基于SOAR的安全運(yùn)營(yíng)自動(dòng)化關(guān)鍵技術(shù)構(gòu)建及未來(lái)演進(jìn)方向
信息技術(shù)與網(wǎng)絡(luò)安全
趙粵征,葉建偉,贠 珊,郭蘭杰
(綠盟科技集團(tuán)股份有限公司,北京100089)
摘要: 針對(duì)現(xiàn)有的安全可視化編排及自動(dòng)化響應(yīng)技術(shù),提出將復(fù)雜的APT威脅場(chǎng)景、漏洞、自動(dòng)化響應(yīng)驗(yàn)證、關(guān)鍵基礎(chǔ)設(shè)施合規(guī)管理等安全能力納入到現(xiàn)有SOAR(Security Orchestration Automation Response)的可視化編排及響應(yīng)中,極大地豐富并完善了Gartner提出的SOAR的安全編排及自動(dòng)化響應(yīng)的概念場(chǎng)景,大幅提升安全運(yùn)營(yíng)的效能和成熟度;通過(guò)DevSecOps開放架構(gòu)及OpenC2開放式管控接口,自適應(yīng)支持不同設(shè)備的數(shù)據(jù)接入及安全響應(yīng)管控,構(gòu)建圍繞SOAR為主體的安全運(yùn)營(yíng)生態(tài)體系;在此基礎(chǔ)上,提出安全運(yùn)營(yíng)自動(dòng)化未來(lái)演進(jìn)方向,即構(gòu)建多人協(xié)同的統(tǒng)一空間協(xié)同作戰(zhàn)體系,通過(guò)多人協(xié)同定義并改進(jìn)安全分析及響應(yīng)模型,迅速完成“安全策略、保護(hù)、檢測(cè)和響應(yīng)”的信息循環(huán)及信息再利用。
中圖分類號(hào): TP309
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.03.004
引用格式: 趙粵征,葉建偉,贠珊,等. 基于SOAR的安全運(yùn)營(yíng)自動(dòng)化關(guān)鍵技術(shù)構(gòu)建及未來(lái)演進(jìn)方向[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(3):19-27.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.03.004
引用格式: 趙粵征,葉建偉,贠珊,等. 基于SOAR的安全運(yùn)營(yíng)自動(dòng)化關(guān)鍵技術(shù)構(gòu)建及未來(lái)演進(jìn)方向[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(3):19-27.
Key technology construction and future evolution direction of security operation automation based on SOAR
Zhao Yuezheng,Ye Jianwei,Yun Shan,Guo Lanjie
(NSFOCUS Technologies Group Co.,Ltd.,Beijing 100089,China)
Abstract: Aiming at the existing security visual orchestration and automatic response technology, the paper proposes to integrate the complex security capabilities such as APT threat scenario, vulnerability, automatic response verification, and key infrastructure compliance management into the visual orchestration and automation response of the existing SOAR(Security Orchestration Automation Response), which complements and greatly enricates the conceptual scene of the SOAR proposed by Gartner,which significantly improves the effectiveness and maturity of security operations. Through DevSecOps open architecture and OpenC2 open management and control interface, it can adaptively support data access and security response control of different devices, and build a secure operation ecosystem around SOAR. On this basis, the future evolution direction of security operation automation is proposed, that is, to build a unified space cooperative combat system with multi-person collaboration, and quickly complete the information cycle and information reuse of "Policy, Protection, Detection and Response" by defining and improving the security analysis and response model with multi-person collaboration.
Key words : security operation automation;SOAR;DevSecOps open architecture;OpenC2 interface;secure operation ecosystem;unified space cooperative combat system
0 引言
安全運(yùn)營(yíng)核心能力在于將人、數(shù)據(jù)、以技術(shù)為基礎(chǔ)的工具和流程有機(jī)集合,共同構(gòu)成安全運(yùn)營(yíng)的基本要素,以數(shù)據(jù)為基礎(chǔ),以安全分析為手段,發(fā)現(xiàn)有效威脅;以響應(yīng)為閉環(huán)措施達(dá)到對(duì)安全風(fēng)險(xiǎn)的抑制或者降低,從而實(shí)現(xiàn)從被動(dòng)安全到主動(dòng)安全的轉(zhuǎn)變。而SOAR作為近年來(lái)推出的安全編排自動(dòng)化響應(yīng)解決方案[1-2],充分融合了數(shù)據(jù)、人的安全技能、工具、流程,從而達(dá)到快速高效實(shí)現(xiàn)安全運(yùn)營(yíng)的目的。隨著SOAR解決方案的逐步推進(jìn)和落地,安全運(yùn)營(yíng)自動(dòng)化已經(jīng)初見雛形,并在安全運(yùn)營(yíng)方面發(fā)揮著越來(lái)越重要的作用。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://www.viuna.cn/resource/share/2000003422
作者信息:
趙粵征,葉建偉,贠 珊,郭蘭杰
(綠盟科技集團(tuán)股份有限公司,北京100089)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。